Docker Kata 5: Docker Networking

Learn how to list containers, ping between containers, create a user-defined network, and run containers on the network.

Docker uses software-defined networking to provide containers with a means to connect to a network. Software-defined networking uses software, instead of physical devices such as hardware load balancers and routers, to define a TCP/IP network. The Docker Engine provides a set of predefined networks on which to run containers. Administrators can also define custom networks to support a wide variety of network configurations. This kata will demonstrate how to work with Docker networks.

Step 1: List all networks#

First, stop and remove all the containers.

The command to list all Docker networks is given below.

The output will be something like:

Listing all the Docker networks

Commands

Parameter

Description

docker network

This is the parent command.

ls

This lists all the networks when used with the docker network parent command.

The docker network ls command lists all the defined Docker networks. Docker adds three networks on installation: bridge, host, and none.

The bridge network is the default network on which all containers are run.

The host network is the host’s network adapter. Containers on this network share the host’s network configuration, including IP address.

The none network is a null network. Containers on this network have no network interface.

Step 2: Ping between containers#

The command to run a disconnected NGINX container is given below:

When we run the command above, the output will be something like this:

Running a disconnected NGINX container

Commands

Parameter

Description

docker container run -d --name web1 nginx

docker container run -d --name web2 nginx

These commands run two disconnected NGINX containers named web1 and web2.

The first two commands run NGINX containers named web1 and web2.

The command to get the IP address for the container is given below.

After executing the command above, the output will be something like this:

Getting the IP address for the container

Commands

Parameter

Description

docker container

This is the parent command.

inspect

This returns detailed information about a container in JSON format.

-f

The -f paramter is used to format the JSON output from inspect.

{{ .NetworkSettings.IPAddress}}

This indicates a path to a specific attribute in the JSON output. The effect is that only the IP address of the container is returned.

[web1] / [web2]

This is the name of the container for which to return the IP address.

These commands demonstrate a method to return the IP address for a container. The -f parameter formats the JSON output. JSON is a hierarchical format, and the {{.NetworkSettings.IPAddress}} template returns only the content of the attribute specified. This method can be used to filter output from inspect for many similar use cases.

The command to install a ping utility inside the container is provided below.

The result of the command above will be something like this:

Installing ping inside the container

The command to use docker inspect to get the IP address of the container is given below.

The output will be something like this:

Getting the IP address of the container

Commands

Parameter

Description

docker container

This is the parent command.

exec

This executes a command within a container.

[web1] / [web2]

This is the name of the container on which to exec the command.

ping

This is a command used to test connectivity to an IP address. Test packets are sent, and if the endpoint is accessible and listening, a response is returned.

-w3

The -w parameter of the ping command specifies the number of packets to send. This sends three packets.

$(docker inspect -f '{{ .NetworkSettings.IPAddress}}' [web1]/[web2])

This is the command that returns the IP address of a container. The effect is that one container pings the other by IP address.

These commands ping web1 from web2, then web2 from web1.

These pings are by IP address. The commands in the $() return the IP addresses, as seen in the previous command. They are command substitutions, similar to the commands we’ve been using to stop and remove all the containers. The results show that the pings were successful, meaning that web1 and web2 were able to communicate with each other by IP address over the default bridge network.

The command to execute the ping command is given below.

The result after executing the command above will be something like this:

Executing the ping command

Commands

Parameter

Description

docker container

This is the parent command.

exec

This executes a command within a container.

web1

This is the name of the container on which we exec the command.

ping

This is a command used to test connectivity to an IP address.

-w3

The -w parameter of the ping command specifies the number of packets to send. This sends three packets.

web2

This is the name of the web2 container. The effect of the entire command is that web1 attempts to ping web2 by name instead of IP address.

This final command attempts to ping web2 from web1 by name instead of IP, but this returns an error. The unknown host error indicates that web1 cannot resolve the IP address of web2 by name. The next step will demonstrate how to make name resolution work between containers.

Step 3: Create a user-defined network#

The command to create a user-defined network is provided below.

The output will be something like this:

Creating a user-defined network

Commands

Parameter

Description

docker network

This is the parent command.

create

This creates a new user-defined bridge network when combined with the docker network parent command.

mynet

This is the name assigned to the new network.

Docker provides a create subcommand used to create user-defined networks. This command creates a new bridge network named mynet.

The command to inspect mynet is given below.

The output after running the command above will be something like this:

Insepecting the mynet named network

Parameter

Description

docker network

This is the parent command.

inspect

This returns JSON-formatted detail on a network when used with the docker network parent command.

mynet

This is the name of the network to inspect.

The docker network inspect mynet command returns detailed information on the mynet network created in the previous command.

Step 4: Run containers on a user-defined network#

First, stop and remove all the containers.

The command to start two disconnected NGINX containers is given below.

The result will be something like this:

Starting two disconnected NGINX containers

Commands

Parameter

Description

docker container

This is the parent command.

run

This runs a new container.

-d

This runs a container in disconnected mode.

--net=mynet

The --net parameter is follwed by an equals sign and the name of the user-defined network on which to run the container.

--name

This assigns a name to the container.

[web1] / [web2]

This is the name assigned to the container.

nginx

This is the name of the image to run.

This step demonstrates that using the --net parameter, containers can be run on a designated network. These commands run two NGINX containers on the mynet network.

The command to inspect mynet is given below.

The output of the command above will be something like this:

Inspecting the mynet named network

Commands

Parameter

Description

docker network

This is the parent command.

inspect

This returns detailed JSON-formatted information on a network when combined with the docker network parent command.

mynet

This is the name of the network where we return the data.

This command uses inspect to show the change to the mynet details. Note that the web and web2 containers are listed in the containers collection of the JSON.

The command to execute the ping command is given below.

The output will be something like this:

Executing the ping command

Commands

Parameter

Description

docker container

This is the parent command.

exec

This runs a command within a container.

web1

This is the name of the container within which we run the exec command.

ping

This sends test packets to an endpoint.

-w3

This sends three test packets.

web2

This is the endpoint name (or IP address). Note that this attempt received a response.

The last command pings web2 from web1 by name instead of IP address. This is successful because user-defined Docker networks, such as mynet, implement an embedded DNS server. Domain Name Service (DNS) is the mechanism used on the internet to resolve a URL, such as https://www.docker.com, to their IP addresses. Containers that are run on a user-defined bridge network are automatically added to the embedded Docker DNS server. This allows them to resolve each other’s IP addresses by name.

Practice commands#

We’ve given a terminal and table containing a list of commands discussed in this lesson. Try out these commands after running the terminal, and check out the results!

Commands

Step

Command

This stops and removes all the containers.

docker container stop $(docker container ls -q)

docker container rm $(docker container ls -aq)

This lists all the Docker networks.

docker network ls

This runs a disconnected NGINX container named web1.

docker container run -d --name web1 nginx

This runs a disconnected NGINX container named web2.

docker container run -d --name web2 nginx

This uses docker inspect to get the IP address of web1.

docker inspect -f '{{ .NetworkSettings.IPAddress}}' web1

This uses docker inspect to get the IP address of web2.

docker inspect -f '{{ .NetworkSettings.IPAddress}}' web2

This installs ping inside the container

docker container exec web1 apt update

docker container exec web1 apt install -y iputils-ping

docker container exec web2 apt update

docker container exec web2 apt install -y iputils-ping

This executes the ping command on web1, pinging the IP address of web2.

docker container exec web1 ping -w3 $(docker inspect -f '{{ .NetworkSettings.IPAddress}}' web2)

This executes the ping command on web2, pinging the IP address of web1.

docker container exec web2 ping -w3 $(docker inspect -f '{{ .NetworkSettings.IPAddress}}' web1)

This executes the ping command on web1, pinging web2 by name.

docker container exec web1 ping -w3 web2

This creates a user-defined network called mynet.

docker network create mynet

This inspects mynet.

docker network inspect mynet

This stops and removes all the containers.

docker container stop $(docker container ls -q)

docker container rm $(docker container ls -aq)

This starts two disconnected NGINX containers, one called web1 and another called web2, connected to the mynet network.

docker container run -d --net=mynet --name web1 nginx

docker container run -d --net=mynet --name web2 nginx

This inspects mynet.

docker network inspect mynet

This installs ping inside the container.

docker container exec web1 apt update

docker container exec web1 apt install -y iputils-ping

docker container exec web2 apt update

docker container exec web2 apt install -y iputils-ping

This executes the ping command on web1, pinging web2 by name.

docker container exec web1 ping -w3 web2

Terminal 1
Terminal

Click to Connect...

Docker Kata 4: Running a Web Server in a Container

Docker Kata 6: Creating Docker Images